Re: First time setup...something wrong
Le mar, 03 nov 1998, Andreas Jdrund a écrit : Ralf S. Engelschall wrote: On Tue, Nov 03, 1998, Andreas Jdrund wrote: I do this: $ s_client -host localhost -port 443 and gets the answer: CONNECTED(0003) 27435:error:140770F8:SSL routines:SSL23_GET_SERVER_HELLO:unknownprotocol:s23_clnt.c:451: and in error_log this: [error] [client 130.235.92.154] Invalid method in request 80 Extract from http.conf: Port 80 ... Listen 80 Listen 443 What's wrong? This ok, but seems like on port 443 SSL is not actually enabled. Check your VirtualHost section: It has to correctly use the IP or hostname _and_ port _and_ has to use the SSLEnable. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Better! but now netscape complains with: "The security library has experienced an out of memory error. Please try to reconnect." and error_log says: [error] mod_ssl: SSL_accept failed [error] SSLeay: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate I use "https://..." Any suggestions? How did you get your certificate ? Sounds like the "ca bit" problem... which mod_ssl version do you use? You could try latest mod_ssl release. __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: First time setup...something wrong
Le mar, 03 nov 1998, vous avez écrit : I do this: $ s_client -host localhost -port 443 and gets the answer: CONNECTED(0003) 27435:error:140770F8:SSL routines:SSL23_GET_SERVER_HELLO:unknownprotocol:s23_clnt.c:451: and in error_log this: [error] [client 130.235.92.154] Invalid method in request 80 Extract from http.conf: Port 80 ... Listen 80 Listen 443 What's wrong? -- Andreas Järundmailto: [EMAIL PROTECTED] Lund, Sweden home: http://www.efd.lth.se/~f93aj Did you tried to connect to port 443 with telnet and issue a: GET / HTTP 1.0 If it works, this mean that your server is not SSLenabled and you have to add the directive SSLenable to the server running on port 443. __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Ronan-Yann Lorintel: +33 603 326 434 3, allée des Hirondellesmailto:[EMAIL PROTECTED] F-95220 Herblay http://www.mygale.org/~lorin __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: First time setup...something wrong
Ralf S. Engelschall wrote: On Tue, Nov 03, 1998, Andreas Jdrund wrote: I do this: $ s_client -host localhost -port 443 and gets the answer: CONNECTED(0003) 27435:error:140770F8:SSL routines:SSL23_GET_SERVER_HELLO:unknownprotocol:s23_clnt.c:451: and in error_log this: [error] [client 130.235.92.154] Invalid method in request 80 Extract from http.conf: Port 80 ... Listen 80 Listen 443 What's wrong? This ok, but seems like on port 443 SSL is not actually enabled. Check your VirtualHost section: It has to correctly use the IP or hostname _and_ port _and_ has to use the SSLEnable. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] Better! but now netscape complains with: "The security library has experienced an out of memory error. Please try to reconnect." and error_log says: [error] mod_ssl: SSL_accept failed [error] SSLeay: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate I use "https://..." Any suggestions? __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: First time setup...something wrong
On Tue, Nov 03, 1998, Andreas Järund wrote: [...] Better! but now netscape complains with: "The security library has experienced an out of memory error. Please try to reconnect." and error_log says: [error] mod_ssl: SSL_accept failed [error] SSLeay: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate I use "https://..." Any suggestions? As the error message indicates, something is wrong with the certificates. When it's the client cert first try connecting without client certs (use "SSLVerifyClient none" and don't select one in Netscape). When it's the server cert try reading it via "ssleay x509 -noout -text -in file" and make sure this works. When all fails, try to follow the INSTALL file more closely, i.e. first setup an SSL server the default way. In other words: Use `make certificate' to create a test cert and use the pre-configured httpd.conf file APACI installs under `make install'. Then move this stuff into your real server environment. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]